[Cake] triple flow isolation
moeller0 at gmx.de
Mon Jan 18 11:20:39 EST 2016
On January 18, 2016 10:37:35 AM GMT+01:00, Jonathan Morton <chromatix99 at gmail.com> wrote:
>> On 18 Jan, 2016, at 11:21, moeller0 <moeller0 at gmx.de> wrote:
>> Am I right to assume that dust and src host isolation works with the
>same counters but simply ignores one of them?
>Yes. That’s explicit in the code.
Thanks, as I am on the road since Sunday morning, I could not check the code easily.
>> So if all internal hosts talk to one external host, does this scheme
>then equal pure per-flow fairness? I am trying to understand how robust
>triple-iso is going to be against attempt at shenanigans by unruly
>machines on the internal/external networks…
>No. If there is only one host on one side (whichever side that happens
>to be), then maintaining per-host fairness for that side is trivial.
>The algorithm will instead maintain per-host fairness for the other
>side. This derives from the fact that it also maintains per-host
>fairness within traffic to each individual host. Per-flow fairness is
>also still maintained within individual host-pairs.
>My measurements show that this aspect of the isolation is not perfect.
>There is still some influence from the number of flows, which biases
>the actual throughput slightly from ideal per-host fairness. This bias
>is however *much* smaller than pure per-flow fairness would be, and
>I’ve been unable to come up with a robust way of eliminating it
Question: does this slight imperfection only exist for the two ,*_host settings as well?
>Hence I think it’s reasonable to simply switch on triple isolation by
>default, in the near future. It does approximately the right thing,
>without further configuration, in the great majority of practical cases
>(that I can think of), and to a greater extent than the existing
>“flows” mode does.
Not that it matters much, but I agree, if triple-iso does work good enough and does not have any too nasty corner cases it should be the default... People requiring stricter control can always use src_ host or dst_host if they are not happy with the default I would argue...
>I think that might also be a good time to overhaul the documentation
>and do some other overdue cleanup.
+1 especially for the documentation overhaul ;)
> - Jonathan Morton
Sent from my Android device with K-9 Mail. Please excuse my brevity.
More information about the Cake